Minutes interim-2020-mls-23: Tue 11:00
Messaging Layer Security
||Minutes interim-2020-mls-23: Tue 11:00
- #142, #160
- Richard: Just close?
- Konrad: We inject GroupContext as if key. But purpose is to achieve key
separation. Should either inject into each step, or have one Extract step
- Richard: Prefer once rather than all the time.
- **Merge #427**
- Brendan: Probably not something we're going to handle.
- Richard: Agree, good to close.
- No ticket
- Joel: When is deadline to change how parent hashes are computed?
- Brendan: Why
- Joel: Discussed in past, whether parent hash should include tree hash or
not. Creates weaker guarantees for member joining group. Say a signing key
is leaked. Alice gets a Welcome and joins group. How quickly group is secure
again depends on how parent hash is computed; including tree hash makes
group secure faster.
- Richard: Karthik was worried about group agreement at the interim in NY.
Sounds like Joel has concrete attacks.
- Brendan: I think this is controlled a lot by the fact that we sign
- **Conclusion:** Joel will raise in more detail on mailing list.
- Raphael: Significant performance improvement in some cases.
- **Conclusion:** Minor issues to fix, then good to merge.
- **Action items:**
- Rename recovery secret to resumption.
- Add back section on Recovery Key.
- Add text to re-originate ReInit proposals when there are others.
- Make clear with multiple ReInits.
- Brendan: Contrasting GroupKeyPackage with GroupInfo, GroupInfo is signed.
Shouldn't we also sign GroupKeyPackage?
- Raphael: Bad for deniability.
- Brendan: But if people use External Commit primarily, then it seems like you
have weaker group agreement.
- Richard: Probably need to go to mailing list.
- **Conclusion:** Additional concerns to be raised on mailing list.